From f0b1cdb1890df574d1d305e998eb7ae61b279d01 Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Mon, 18 Jan 2021 01:58:34 -0800
Subject: [PATCH] libvirt: don't use iptables-nftables
Per a comment on the PR that made this change, it turns out to cause issues in some cases: https://github.com/NixOS/nixpkgs/pull/109332#issuecomment-762005163 For now, let's revert back. Presumably the issues derive from the system iptables not matching libvirt's iptables. In the future, #81172 should move us back into the future, and I'm perfectly fine waiting for that PR to handle this separately.
---
 .../development/libraries/libvirt/default.nix | 31 +++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix
index 60113d492a71..b162ab508101 100644
--- a/pkgs/development/libraries/libvirt/default.nix
+++ b/pkgs/development/libraries/libvirt/default.nix
@@ -2,7 +2,7 @@
 , makeWrapper, autoreconfHook, fetchpatch
 , coreutils, libxml2, gnutls, perl, python2, attr, glib, docutils
 , iproute, readline, lvm2, util-linux, systemd, libpciaccess, gettext
-, libtasn1, iptables-nftables-compat, libgcrypt, yajl, pmutils, libcap_ng, libapparmor
+, libtasn1, iptables, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor
 , dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages
 , curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode, dbus, libtirpc, rpcsvc-proto, darwin
 , meson, ninja, audit, cmake, bash-completion, pkg-config
@@ -16,6 +16,19 @@ with lib;
 # if you update, also bump and SysVirt in
 let
 buildFromTarball = stdenv.isDarwin;
+ # libvirt hardcodes the binary name 'ebtables', but in nixpkgs the ebtables
+ # binary we want to use is named 'ebtables-legacy'.
+ # Create a derivation to alias the binary name so that libvirt can find the right one, and use that below.
+ ebtables-compat = stdenv.mkDerivation {
+ pname = "ebtables-compat";
+ version = ebtables.version;
+ src = null;
+ buildInputs = [ ebtables ];
+ buildCommand = ''
+ mkdir -p $out/bin
+ ln -sf ${ebtables}/bin/ebtables-legacy $out/bin/ebtables
+ '';
+ };
 in stdenv.mkDerivation rec {
 pname = "libvirt";
 version = "6.8.0";
@@ -72,7 +85,7 @@ in stdenv.mkDerivation rec {
 sed -i meson.build -e "s|conf.set_quoted('${var}',.*|conf.set_quoted('${var}','${value}')|"
 '';
 in ''
- PATH=${lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables-nftables-compat lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH
+ PATH=${lib.makeBinPath ([ dnsmasq ] ++ optionals stdenv.isLinux [ iproute iptables ebtables-compat lvm2 systemd numad ] ++ optionals enableIscsi [ openiscsi ])}:$PATH
 # the path to qemu-kvm will be stored in VM's .xml and .save files
 # do not use "''${qemu_kvm}/bin/qemu-kvm" to avoid bound VMs to particular qemu derivations
 substituteInPlace src/lxc/lxc_conf.c \
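Review bot: In the `ebtables-compat` derivation, nothing in `buildCommand` checks that `${ebtables}/bin/ebtables-legacy` exists, and `ln -sf` will create a dangling link without complaint. A rename in the ebtables package would then surface only at runtime, when libvirt fails to execute `ebtables` (presumably taking its bridge/network filter rules with it). Adding `test -x ${ebtables}/bin/ebtables-legacy` before the `ln` line makes the build fail instead. `src = null;` and `buildInputs = [ ebtables ];` are also more than the alias needs, since the store path is already interpolated into the command; a `runCommand` wrapper would express the same thing with less surface.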
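Review bot: On the configure-time `PATH=` line, the pair `iptables ebtables-compat` is now spelled out a second time in `binPath` in `postInstall` (last hunk), and nothing ties the two lists together. If they drift, libvirt would presumably be configured against one firewall backend and run with another, which is the kind of mismatch the commit message blames for the original breakage. Binding the pair once in the top-level `let`, e.g. `firewallTools = [ iptables ebtables-compat ];`, and splicing it into both lists keeps them in step. A comment on this line such as `# must be the same firewall backend as binPath in postInstall (see #109332)` would record the constraint; the surrounding let/in expression starts outside the hunk.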
@@ -115,15 +128,15 @@ in stdenv.mkDerivation rec {
 ];
 postInstall = let
- # iptables-nftables-compat for an 'ebtables' binary
- binPath = [ iptables-nftables-compat iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ] ++ optionals enableIscsi [ openiscsi ];
+ # Keep the legacy iptables binary for now for backwards compatibility (comment on #109332)
+ binPath = [ iptables ebtables-compat iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ] ++ optionals enableIscsi [ openiscsi ];
 in ''
 substituteInPlace $out/libexec/libvirt-guests.sh \
- --replace 'ON_BOOT=start' 'ON_BOOT=''${ON_BOOT:-start}' \
- --replace 'ON_SHUTDOWN=suspend' 'ON_SHUTDOWN=''${ON_SHUTDOWN:-suspend}' \
- --replace "$out/bin" '${gettext}/bin' \
- --replace 'lock/subsys' 'lock' \
- --replace 'gettext.sh' 'gettext.sh
+ --replace 'ON_BOOT="start"' 'ON_BOOT=''${ON_BOOT:-start}' \
+ --replace 'ON_SHUTDOWN="suspend"' 'ON_SHUTDOWN=''${ON_SHUTDOWN:-suspend}' \
+ --replace "$out/bin" '${gettext}/bin' \
+ --replace 'lock/subsys' 'lock' \
+ --replace 'gettext.sh' 'gettext.sh
 # Added in nixpkgs:
 gettext() { "${gettext}/bin/gettext" "$@"; }
 '
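Review bot: The corrected patterns `'ON_BOOT="start"'` and `'ON_SHUTDOWN="suspend"'` are still matched as exact literals, and as far as the hunk shows nothing after `substituteInPlace` verifies that a replacement took place. The next upstream change to the quoting in libvirt-guests.sh would therefore leave the boot/shutdown defaults hardcoded again without any build error. A check placed after the substitution, for example `grep -qF 'ON_BOOT=''${ON_BOOT:-start}' $out/libexec/libvirt-guests.sh`, would turn that into a build failure. This pattern fix is also separate from the iptables revert and goes unmentioned in the commit message; the `postInstall` string continues past the end of the hunk.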